<div>
  In this scheme, you can configure who can do what by using a big table.

  <p>
  Each column represents a permission. Hover the mouse over the permission names to get
  more information about what they represent.

  <p>
  Each row represents a user or a group (often called 'role', depending on the security realm.)
  This includes a special user 'anonymous', which represents unauthenticated users, as well
  as 'authenticated', which represents all authenticated users (IOW, everyone except anonymous users.)
  Use the text box below the table to add new users/groups/roles to the table, and click the
  <tt>[x]</tt> icon to remove it from the table.

  <p>
  Permissions are additive. That is, if an user X is in group A, B, and C, then
  the permissions that this user actually has are the union of all permissions given to
  X, A, B, C, and anonymous.
</div>
